SpaceXAI's Grok Build Caught Uploading Entire Code Repositories, Raising Privacy Concerns

July 14, 2026
SpaceXAI's Grok Build Caught Uploading Entire Code Repositories, Raising Privacy Concerns
  • The privacy toggle intended to prevent transmission did not work in reports, adding to Grok’s privacy issues and allegations of training on user data without consent, flagged as a potential EU breach.

  • Cereblab’s report reveals that full file contents and Git histories, including secrets deleted months earlier, were transmitted, and in some cases an entire user directory with SSH keys and password managers was uploaded.

  • An independent security analysis of CLI version 0.2.93 shows the tool uploaded the entire tracked codebase and secrets to a storage bucket, far exceeding the coding task’s needs.

  • Musk’s broader AI vision emphasizes progress, transparency, and safety, with data deletion as a focal point amid debates on how future platforms should manage user information.

  • The incident underscores risks to developers’ sensitive information when using AI-assisted coding tools and the need for robust data-retention safeguards.

  • Grok Build, SpaceXAI's coding assistant, was found to upload users’ entire repositories and Git histories to Google Cloud Storage during task processing, not just the requested data.

  • xAI later released a /privacy command to opt out of data retention, but independent testing found this did not stop uploads; the effective fix was a server-side flag disable_codebase_upload: true.

  • Looking ahead, future AI platforms may offer clearer data permissions, automatic deletion options, and enhanced transparency tools to satisfy user demands for control over personal information.

  • Ongoing questions remain about why full repositories were uploaded by default, how long data was kept, and how many users were affected; a training opt-out does not guarantee data stays local.

  • While Musk did not provide detailed technical specifics about deletion, the move signals a stronger emphasis on user data control amid privacy, security, and data-management scrutiny.

  • Overall, Grok Build has stopped full-repo uploads, but concerns persist about default data-retention practices and the need for a clearly documented privacy posture.

  • The teardown notes there is no claim that the data was used for training or read by staff, but tracked files and history were transmitted and stored.

Summary based on 8 sources


Get a daily email with more Tech stories

More Stories